Features and Capabilities

An Easy Vehicle for Cybersecurity Attacks

SSL-encrypted traffic is exploding, due to the enterprise-wide usage of cloud computing, secure e-commerce, Web 2.0 applications, email, and VPN. However, SSL-encrypted communications are an easy vehicle to hide many types of cybersecurity threats, including:

Intrusion attacks

Advanced malware

Phishing attacks

Viruses and worms

Data loss

If not managed properly, SSL can leave a hole in any enterprise security architecture. Existing approaches to SSL-encrypted traffic often involve either passing everything through or blocking all SSL traffic. Others perform SSL decryption on the same device as threat protection functions, such as an IPS.

Cisco SSL Appliance Capabilities

Unlike on-box SSL decryption solutions that use shared hardware resources for SSL decryption and IPS inspection, the Cisco SSL architecture permits the SSL and IPS processes to run on separate systems. This offloads all decryption and encryption requirements from the IPS to provide greater IPS performance and scalability.

Cisco SSL Appliances are also versatile enough to inspect SSL traffic in both inbound and outbound configurations and are available with a range of interface options. All include a programmable fail-open capability, traffic bypass filters, and configurable link state monitoring and mirroring. Fine-grained policy control provides the ability to control which SSL flows are inspected, passed through, or blocked.

The following unique capabilities of Cisco SSL Appliances remove risk arising from lack of visibility into SSL traffic while also maintaining the performance of security and network appliances:

Decryption of traffic up to 3.5 Gbps with over five million simultaneous flows

Transparent proxy - no configuration, addressing, or topology changes

Support for both passive and inline configurations

Detection of SSL sessions on all ports, not just the traditional port 443

Logging the details of all SSL flows to detect suspicious trends or patterns

Specifications at a Glance

Security Functions

Encryption: TLS 1.0, TLS 1.1, SSL3, partial SSL2

Proxy mode: Transparent

Public key algorithms: RSA, DSA, DH

Symmetric key algorithms: AES, 3DES, DES, RC4

Hashing algorithms: MD5, SHA-1

RSA keys: 512, 1024, 2048, 4096, 8172 bits
